Revision as of 18:05, 5 December 2012

zh-CN:LAMPLAMP refers to a common combination of software used in many web servers: Linux, Apache, MySQL, and PHP. This article describes how to set up the Apache HTTP Server on an Arch Linux system. It also tells you how to optionally install PHP and MySQL and integrate these in the Apache server.

If you only need a web server for development and testing, Xampp might be a better and easier option.

Installation

This document assumes you will install Apache, PHP and MySQL together. If desired however, you may install Apache, PHP, and MySQL separately and simply refer to the relevant sections below.

Note: New default user and group: Instead of group "nobody", apache now runs as user/group "http" by default. You might want to adjust your httpd.conf according to this change, though you may still run httpd as nobody.

Configuration

Apache

For security reasons, as soon as Apache is started by the root user (directly or via startup scripts) it switches to the UID/GID specified in /etc/httpd/conf/httpd.conf

Check for the existence of the http user by looking for http in the output of the following command:

# grep http /etc/passwd

Create the system user http if it does not exist already:

# useradd -d /srv/http -r -s /bin/false -U http

This creates the http user with home directory /srv/http/, as a system account (-r), with a bogus shell (-s /bin/false) and creates a group with the same name (-U).

Change httpd.conf and optionally extra/httpd-default.conf to your liking. For security reasons, you might want to change ServerTokens Full to ServerTokens Prod and ServerSignature On to ServerSignature Off in extra/httpd-default.conf.

Apache should now be running. Test by visiting http://localhost/ in a web browser. It should display a simple Apache test page. If you receive a 403 Error, comment out the following line in /etc/httpd/conf/httpd.conf:

User dirs

If you do not want user directories to be available on the web (e.g., ~/public_html on the machine is accessed as http://localhost/~user/ -Note that you can change what this points to in /etc/httpd/conf/extra/httpd-userdir.conf), comment the following line in /etc/httpd/conf/httpd.conf since they are activated by default:

Include conf/extra/httpd-userdir.conf

You must make sure that your home directory permissions are set properly so that Apache can get there. Your home directory and ~/public_html/ must be executable for others ("rest of the world"). This seems to be enough:

$ chmod o+x ~
$ chmod o+x ~/public_html

More secure way to share your home folder with apache is to add http user in group that your home folder belongs. For example, if your home folder and other sub-folders in your home folder belong to group piter, all you have to do is following:

$ usermod -aG piter http

Of course, you have to give read and execute permissions on ~/, ~/public_html, and all other sub-folders in ~/public_html to the group members (group piter in our case). Do something like following (modify commands for your specific case):

Note: This way you do not have to give access to your folder to every single user in order to give access to http user. Only http user and other potential users that are in piter group will have access to your home folder.

and restart httpd.

SSL

Create self-signed certificate (you can change key size and days of validity)

You can enable and disable single virtual hosts by commenting them out or uncommenting them.

Advanced Options

These options in /etc/httpd/conf/httpd.conf might be interesting for you:

# Listen 80

This is the port Apache will listen to. For Internet-access with router, you have to forward the port.

If you setup Apache for local development you may want it to be only accessible from your computer. Then change this line to:

# Listen 127.0.0.1:80

This is the admin's email-address which can be found on e.g. error-pages:

# ServerAdmin sample@sample.com

This is the directory where you should put your web pages:

# DocumentRoot "/srv/http"

Change it, if you want to, but do not forget to also change the

<Directory "/srv/http">

to whatever you changed your DocumentRoot to, or you will likely get a 403 error (lack of privileges) when you try to access the new document root. Do not forget to change the Deny from all line, otherwise you will get 403 error too.

# AllowOverride None

This directive in <Directory> sections causes apache to completely ignore .htaccess files. If you intend to use rewrite mod or other settings in .htaccess files, you can allow which directives declared in that file can override server configuration. For more info refer to http://httpd.apache.org/docs/current/mod/core.html#allowoverride

Note: If you have issues with your configuration you can have apache check the configuration with:
apachectl configtest

If the PHP code is is not executed (you see : <html>...</html>), check that you have added "Includes" to the "Options" line for your root directory in /etc/httpd/conf/httpd.conf. Moreover, check that TypesConfig conf/mime.types is uncommented in the <IfModule mime_module> section, you may also try adding the following to the <IfModule mime_module> in httpd.conf:

AddHandler application/x-httpd-php .php

Advanced options

It is recommended to set your timezone in /etc/php/php.ini like so: (list of timezones)

date.timezone = Europe/Berlin

If you want to display errors to debug your php code, change display_errors to On in /etc/php/php.ini:

display_errors=On

If you want the libGD module, install php-gd and uncomment extension=gd.so in /etc/php/php.ini:

Note: php-gd requires libpng, libjpeg, and freetype2

extension=gd.so

Note: Pay attention to which extension you uncomment, as this extension is sometimes mentioned in an explanatory comment before the actual line you want to uncomment.

If you want the mcrypt module, install php-mcrypt and uncomment extension=mcrypt.so in /etc/php/php.ini:

extension=mcrypt.so

Remember to add a file handler for .phtml if you need it in /etc/httpd/conf/extra/php5_module.conf:

MySQL

You can add minor privileged MySQL users for your web scripts. You might also want to edit /etc/mysql/my.cnf and uncomment the skip-networking line so the MySQL server is only accessible by the localhost. You have to restart MySQL for changes to take effect.